/**
 * Copyright (c) 2016-2019 人人开源 All rights reserved.
 *
 * https://www.renren.io
 *
 * 版权所有，侵权必究！
 */

package io.bsly.common.xss;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * XSS过滤
 *
 * @author Mark sunlightcs@gmail.com
 */
public class XssFilter implements Filter {

	//过滤swagger的相关请求，如果需要用到swagger删除如下代码即可，想拦截其他内容可以在下方配置！
	private static final Set<String> ALLOWED_PATHS = Collections.unmodifiableSet(new HashSet<>(
			Arrays.asList("/swagger-ui.html", "/v2/api-docs")));

	@Override
	public void init(FilterConfig config) throws ServletException {
	}

	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
		XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper((HttpServletRequest) request);
//		String path = xssRequest.getRequestURI().substring(xssRequest.getContextPath().length()).replaceAll("[/]+$", "");
//		boolean filterPath = ALLOWED_PATHS.contains(path);
//		if (!filterPath) {
//			chain.doFilter(xssRequest, response);
//		}
		chain.doFilter(xssRequest, response);
	}

	@Override
	public void destroy() {
	}

}